Here is the algorithm I'm thinking of implementing:
- We need to add a confirmation_code and confirmation attributes in our user model
- Create a controller method for our user model that expects a user id and confirmation code, looks up the user, checks that the code in the parameter matches the code saved in our database and clears the code after confirmation. In case the user forgets their password and/or wants to reset it, we need to recreate this field.
- Create an action that maps to our new controller method (e.g. /users/1/confirm/code)
- Create a Mailer template which takes the user as a parameter and uses the confirmation code of the user to send a mail containing a link to the new route in our controller
- Create an observer for our user model. If the email of the user needs to be modified or a record is created, we need to create a confirmation code, set it in the model and clear the confirmation flag. After that we need to trigger our Mailer
- Create a helper method which allows views to check if the current user is confirmed
- Protect our controller methods and views to prevent security issues
Is this the right way/design to do this?
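As an added example (not the poster's code), the model-side half of this design in plain Ruby with no Rails dependency: a hypothetical User class that generates the code on create or email change, stores only a digest of it, expires it, compares it in constant time, and clears it after one use. The 24-hour TTL and the digest-only storage are assumptions beyond the original list.

```ruby
require 'securerandom'
require 'digest'

# Hypothetical in-memory stand-in for the poster's User model (not Rails code).
class User
  CODE_TTL = 24 * 60 * 60 # seconds a code stays valid (assumed value)
  attr_reader :id, :email

  def initialize(id, email)
    @id, @email, @confirmed = id, email, false
  end

  # Observer step, run on create and again whenever the email changes: generate
  # a random code, store only its digest, clear the confirmed flag, and return
  # the raw code for the mailer (the raw code itself is never stored).
  def issue_confirmation_code(now: Time.now)
    raw = SecureRandom.urlsafe_base64(32)
    @confirmation_digest = Digest::SHA256.hexdigest(raw)
    @confirmation_sent_at = now
    @confirmed = false
    raw
  end

  # Controller step: a code is accepted once, only before it expires, and the
  # comparison does not stop at the first differing byte (no timing leak).
  def confirm!(submitted_code, now: Time.now)
    return false if @confirmation_digest.nil?
    return false if now - @confirmation_sent_at > CODE_TTL
    given = Digest::SHA256.hexdigest(submitted_code.to_s)
    return false unless constant_time_equal?(@confirmation_digest, given)
    @confirmed = true
    @confirmation_digest = nil # single use: cleared after confirmation
    true
  end

  def confirmed?
    @confirmed
  end

  # Mailer step: the path the template would put in the link, matching the route.
  def confirmation_path(raw_code)
    "/users/#{@id}/confirm/#{raw_code}"
  end

  private
  def constant_time_equal?(a, b)
    return false unless a.bytesize == b.bytesize
    a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
  end
end
```

The helper for views is then just `current_user.confirmed?`, and a password reset would call `issue_confirmation_code` again to replace the field.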